I am now going to try this on a different sub

after that then i am stunned

Hi all, I have just picked up Pulumi the other day (migrating from terraform) and I am struggling to work something out, so I was hoping I could find some help here. I am deploying a webhook via helm with the Pulumi helm resource, everything gets created without issue. As part of this helm deployment a service account gets created. My question is how can I get the details of the service account. in terraform I would have used something like a data source to access to the service account name, which I could then use as an input to something else or as the output to a module. Is it possible to do something this in Pulumi?

Hi #getting-started! What's the common way to get secret values into your Pulumi stack? I'm using C# Specifically I'm thinking in CI/CD

Seems tedious to do

pulumi config set ...

for each secret if I have a few of those.

But maybe I just set env values and get them from the code?

I am trying to implement Crossguard here, my use case is to block any resource deletion or IAM rules changes. Is there a way to allow human review on the Pulumi plan result and decide approve or reject? From the examples given in the website, it seems that the only way to get rid of the error is to remove the code changes completely

Suppose if I don't subscribe to Pulumi Business Critical plan, does it mean the policy check will be done locally for which the

--policy-pack <path-to-policy-pack-directory>

has to be supplied in the pulumi up command? In this case, seems like anyone can just alter the policies in the directory and then get their changes applied? Secondly, it seems that the Github Actions for Pulumi doesn't support policy-pack option yet, which means the policy won't be able to be enforced if the workflow is executed via Github Actions?

Hello! Just getting started with Pulumi, currently using the Digitalocean provider. I tried to add a tag for a resource in the Cloud UI to see whether Pulumi would roll it back (I don't have that tag in my code). After running

pulumi preview

it doesn't want to change the tags back to the state of my code. Is this possible to configure somehow?

Hey #getting-started I have been struggling a bit getting Pulumi to work and I can't figure out what's wrong. Whenever I add a resource (Using the Azure Native provider) I simply don't get anything back from pulumi preview or pulumi up. I tried adding 3 resource groups and it just outputs

Resources:
    1 unchanged

I tried

pulumi refresh

and then

pulumi up

and even

pulumi down

and

pulumi up

but it's just not picking up the changes.

Any idea as to what could be wrong?

Hi again #getting-started I'm setting a

mysql:admin-password

in my

Pulumi.test.yml

and then I do

_config = new Pulumi.Config();

. But when I try to fetch it with

_config.RequireSecret("mysql:admin-password")

it throws

Pulumi.Config+ConfigMissingException: Missing Required configuration variable 'bigday:mysql:admin-password'

I'm on the stack called test.

pulumi config

shows

KEY                    VALUE
mysql:admin-password   [secret]

I noticed that when doing

RequireSecret

it's prefixing the project name ?

But in this guide https://www.pulumi.com/learn/building-with-pulumi/secrets/ this is how it seems to work

I tried

Pulumi.Config()

and

Pulumi.Config(_stackName)

but neither works

How do I get the Pulumi stack name (in Python) so I can use it in resource names? I have seen reference to something like

pulumi.getStack()

, but I cannot figure out how to invoke it in python:

import pulumi
pulumi_stack_name = pulumi.getStack()
print( "pulumi_stack_name: ", pulumi_stack_name )

results in:

AttributeError: module 'pulumi' has no attribute 'getStack'

Hi again #getting-started Does anyone have an example of setting up an Azure Container App? I'm trying to setup a managed environment, but the log analytics (which is required) needs a CustomerId and SharedKey, but the log analytics in the Azure Native provider does not output that. It's only available in the Azure Classic provider.

Is there some kind of dotfile I can work with? my repo's structure has pulumi in a folder named pulumi, so when running from the base directory I have to pass

-C pulumi

every time.

Hello, I’m having problems trying to push changes to AWS with Pulumi, this is what I’ve done • deleted node_modules directory • deleted package-lock.json file • moved pulumi dependencies to devDependencies in package.json • ran

npm install

• I’m using multiple profiles in

/Users/myUser/.aws/credentials

file so i export the variable

AWS_PROFILE

with the desire profile And when i run

pulumi up -y --debug

I have the following output

View Live: <https://app.pulumi.com/username-Company/my-project/staging/previews/a28a6c6f-a248-422b-b6c3-69952ba24b25>

     Type                 Name                     Plan     Info
     pulumi:pulumi:Stack  my-project-staging           1 error; 84 debugs
 
Diagnostics:
  pulumi:pulumi:Stack (my-project-staging):
    debug: AWS Auth provider used: "SharedCredentialsProvider"
    debug: Retrieved credentials from "SharedConfigCredentials: /Users/myUser/.aws/credentials"
    debug: Trying to get account information via iam:GetUser
    debug: [aws-sdk-go-v2] Request
    debug: POST / HTTP/1.1
    debug: Host: <http://iam.amazonaws.com|iam.amazonaws.com>
    debug: User-Agent: APN/1.0 Pulumi/1.0 Pulumi/1.0 Pulumi-Aws/0.11+compatible (+<https://www.pulumi.com>) aws-sdk-go-v2/1.16.4 os/macos lang/go/1.17.10 md/GOOS/darwin md/GOARCH/amd64 api/iam/1.18.4
    debug: Content-Length: 33
    debug: Amz-Sdk-Invocation-Id: 9d4bcd52-bf3a-4820-bc86-63bdb833c373
    debug: Amz-Sdk-Request: attempt=1; max=25
    debug: Authorization: AWS4-HMAC-SHA256 Credential=ASIAZLSIADTQEYX46VWB/20220610/us-east-1/iam/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=ba167d321ee0a3f44bb00c3292f7c49f48b67acb08da69994c6eb89e60104d22
    debug: Content-Type: application/x-www-form-urlencoded
    debug: X-Amz-Date: 20220610T195843Z
    debug: X-Amz-Security-Token: IQoJb3JpZ2luX2VjECoaCXVzLWVhc3QtMSJHMEUCIQDrhA0H+03SzLPtkZreE1YEdxOasofnKb4Taxi6zNKvPQIgR7tE8L+FewnZehskc+xMDrrDlGBUw03TNvStA8CoKlQqlgMIMhADGgw2NDMzMjIzNTQ5MTIiDA4IdCOfKDKYBQzMJirzAo4P8127BeRLMpNu15PDd/XOltgXqWiIJ/uAiZq9Agj9BdaMluXpHEHB11yTQ+nI2FihtOzl8qzul9y0exjgteGebmyMQVEkTOK+sZNicAWGK8wsNVChqJtbP0Xl6r3z6KTVSOjbpP+d50J/I8ZXm4KYT1ywyaPyS0Lr1EeQ/3lkNfA2zi+dKmcEODvcsKHNL1QG9SYf2XGClHeCRRcZicv8v3S0oX5+MsvLfoLK3jYj7qxVx5/J857HBByg8k84bM6kYqRnFBgqJb6WKOHmuCHnvzUCUNqIDQvnh+Y4hmyWqw15zfSdeiY/PKxRHS5RUDJ1MtK9TcZCak/uOMuTv/ktDyJLkDzNfnNApanCV2lwCzTMWN2WtX7EIFZgv/8xJVTmEziZjCkrNOrYquhS9y03hUKj0T7gvST8BWHnZfm/yR0n4s/A7UtPZqnN5C3I+Tiv/jrElqDcbmPfzy6wvhlFe6HoKNrVWHvjWpdcY13qjiIUMM30jZUGOqYBdSbVAiKgQgqlQvUXMPKHQPd088gkSMBYrQckhB10aPZKbc8NsWDH2jMMXCm8oh7tKxCdg1lRvgbuu7BK3ff6A81eVNPJ9jlt00iCU6ujOj1XzIOsHrJh+aj6sR6cD8pleXYPgf8Pd3bgTKoEA8/iLWlH8gRfbe9QZe4Y8Ezs+RQsySnrE/3dfuohuL9zaJK6VwTGaXoTKUlElBCA4QXf/mKvj3AMAw==
    debug: Accept-Encoding: gzip
    debug: 
    debug: Action=GetUser&Version=2010-05-08
    debug: [aws-sdk-go-v2] Response
    debug: HTTP/1.1 400 
    debug: Connection: close
    debug: Content-Length: 307
    debug: Content-Type: text/xml
    debug: Date: Fri, 10 Jun 2022 19:58:43 GMT
    debug: X-Amzn-Requestid: 300c43be-4343-4126-ae6c-f90061c7478b
    debug: 
    debug: <ErrorResponse xmlns="<https://iam.amazonaws.com/doc/2010-05-08/>">
    debug:   <Error>
    debug:     <Type>Sender</Type>
    debug:     <Code>ValidationError</Code>
    debug:     <Message>Must specify userName when calling with non-User credentials</Message>
    debug:   </Error>
    debug:   <RequestId>300c43be-4343-4126-ae6c-f90061c7478b</RequestId>
    debug: </ErrorResponse>
    debug: [aws-sdk-go-v2] request failed with unretryable error https response error StatusCode: 400, RequestID: 300c43be-4343-4126-ae6c-f90061c7478b, api error ValidationError: Must specify userName when calling with non-User credentials
    debug: Ignoring iam:GetUser error: operation error IAM: GetUser, https response error StatusCode: 400, RequestID: 300c43be-4343-4126-ae6c-f90061c7478b, api error ValidationError: Must specify userName when calling with non-User credentials
    debug: Trying to get account information via sts:GetCallerIdentity
    debug: [aws-sdk-go-v2] Request
    debug: POST / HTTP/1.1
    debug: Host: <http://sts.us-east-1.amazonaws.com|sts.us-east-1.amazonaws.com>
    debug: User-Agent: APN/1.0 Pulumi/1.0 Pulumi/1.0 Pulumi-Aws/0.11+compatible (+<https://www.pulumi.com>) aws-sdk-go-v2/1.16.4 os/macos lang/go/1.17.10 md/GOOS/darwin md/GOARCH/amd64 api/sts/1.16.4
    debug: Content-Length: 43
    debug: Amz-Sdk-Invocation-Id: 7f34d0a8-ebd0-4a4f-913b-ec9f3c770d79
    debug: Amz-Sdk-Request: attempt=1; max=25
    debug: Authorization: AWS4-HMAC-SHA256 Credential=ASIAZLSIADTQEYX46VWB/20220610/us-east-1/sts/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=7bd2c6a7b162c260ea98c9f8734c039f07158797f3636aeb8a293e2acb38e693
    debug: Content-Type: application/x-www-form-urlencoded
    debug: X-Amz-Date: 20220610T195844Z
    debug: X-Amz-Security-Token: IQoJb3JpZ2luX2VjECoaCXVzLWVhc3QtMSJHMEUCIQDrhA0H+03SzLPtkZreE1YEdxOasofnKb4Taxi6zNKvPQIgR7tE8L+FewnZehskc+xMDrrDlGBUw03TNvStA8CoKlQqlgMIMhADGgw2NDMzMjIzNTQ5MTIiDA4IdCOfKDKYBQzMJirzAo4P8127BeRLMpNu15PDd/XOltgXqWiIJ/uAiZq9Agj9BdaMluXpHEHB11yTQ+nI2FihtOzl8qzul9y0exjgteGebmyMQVEkTOK+sZNicAWGK8wsNVChqJtbP0Xl6r3z6KTVSOjbpP+d50J/I8ZXm4KYT1ywyaPyS0Lr1EeQ/3lkNfA2zi+dKmcEODvcsKHNL1QG9SYf2XGClHeCRRcZicv8v3S0oX5+MsvLfoLK3jYj7qxVx5/J857HBByg8k84bM6kYqRnFBgqJb6WKOHmuCHnvzUCUNqIDQvnh+Y4hmyWqw15zfSdeiY/PKxRHS5RUDJ1MtK9TcZCak/uOMuTv/ktDyJLkDzNfnNApanCV2lwCzTMWN2WtX7EIFZgv/8xJVTmEziZjCkrNOrYquhS9y03hUKj0T7gvST8BWHnZfm/yR0n4s/A7UtPZqnN5C3I+Tiv/jrElqDcbmPfzy6wvhlFe6HoKNrVWHvjWpdcY13qjiIUMM30jZUGOqYBdSbVAiKgQgqlQvUXMPKHQPd088gkSMBYrQckhB10aPZKbc8NsWDH2jMMXCm8oh7tKxCdg1lRvgbuu7BK3ff6A81eVNPJ9jlt00iCU6ujOj1XzIOsHrJh+aj6sR6cD8pleXYPgf8Pd3bgTKoEA8/iLWlH8gRfbe9QZe4Y8Ezs+RQsySnrE/3dfuohuL9zaJK6VwTGaXoTKUlElBCA4QXf/mKvj3AMAw==
    debug: Accept-Encoding: gzip
    debug: 
    debug: Action=GetCallerIdentity&Version=2011-06-15
    debug: Registering resource: t=pulumi:pulumi:Stack, name=my-project-staging, custom=false, remote=false
    debug: RegisterResource RPC prepared: t=pulumi:pulumi:Stack, name=my-project-staging
    debug: RegisterResource RPC finished: resource:my-project-staging[pulumi:pulumi:Stack]; err: null, resp: urn:pulumi:staging::my-project::pulumi:pulumi:Stack::my-project-staging,,,,
    debug: [aws-sdk-go-v2] Response
    debug: HTTP/1.1 200 OK
    debug: Content-Length: 505
    debug: Content-Type: text/xml
    debug: Date: Fri, 10 Jun 2022 19:58:43 GMT
    debug: X-Amzn-Requestid: 85ae4a1e-1df0-4a72-abf8-e3e5fac1a9ee
    debug: 
    debug: <GetCallerIdentityResponse xmlns="<https://sts.amazonaws.com/doc/2011-06-15/>">
    debug:   <GetCallerIdentityResult>
    debug:     <Arn>arn:aws:sts::8852224923:assumed-role/AWSReservedSSO_gti-aws-workload-admin_216facc0f87bf10d/username@Company.com</Arn>
    debug:     <UserId>AROAZLSIADTQGWBLS5UOF:username@Company.com</UserId>
    debug:     <Account>8852224923</Account>
    debug:   </GetCallerIdentityResult>
    debug:   <ResponseMetadata>
    debug:     <RequestId>85ae4a1e-1df0-4a72-abf8-e3e5fac1a9ee</RequestId>
    debug:   </ResponseMetadata>
    debug: </GetCallerIdentityResponse>
    debug: Running program '/Users/myUser/Documents/Company/Github/my-project' in pwd '/Users/myUser/Documents/Company/Github/my-project' w/ args: 
    debug: Invoking function: tok=aws:ssm/getParameter:getParameter asynchronously
    debug: Invoking function: tok=aws:ssm/getParameter:getParameter asynchronously
    debug: Invoking function: tok=aws:ssm/getParameter:getParameter asynchronously
    debug: , obj={"name":"/elasticache/redis/dc/port"}
    debug: , obj={"name":"/elasticache/redis/dc/primary"}
    debug: , obj={"name":"/elasticache/redis/dc/reader"}
    debug: RegisterResourceOutputs RPC prepared: urn=urn:pulumi:staging::my-project::pulumi:pulumi:Stack::my-project-staging
    debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:staging::my-project::pulumi:pulumi:Stack::my-project-staging; err: null, resp: 
    debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:staging::my-project::pulumi:pulumi:Stack::my-project-staging; err: null, resp: 
    debug: Using shared credentials files from configuration: [""]
    debug: Invoke RPC finished: tok=aws:ssm/getParameter:getParameter; err: Error: 2 UNKNOWN: invocation of aws:ssm/getParameter:getParameter returned an error: unable to validate AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration, resp: undefined
    error: Error: invocation of aws:ssm/getParameter:getParameter returned an error: unable to validate AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration
        at Object.callback (/Users/myUser/Documents/Company/Github/my-project/node_modules/@pulumi/runtime/invoke.ts:159:33)
        at Object.onReceiveStatus (/Users/myUser/Documents/Company/Github/my-project/node_modules/@grpc/grpc-js/src/client.ts:338:26)
        at Object.onReceiveStatus (/Users/myUser/Documents/Company/Github/my-project/node_modules/@grpc/grpc-js/src/client-interceptors.ts:426:34)
        at Object.onReceiveStatus (/Users/myUser/Documents/Company/Github/my-project/node_modules/@grpc/grpc-js/src/client-interceptors.ts:389:48)
        at /Users/myUser/Documents/Company/Github/my-project/node_modules/@grpc/grpc-js/src/call-stream.ts:276:24
        at processTicksAndRejections (internal/process/task_queues.js:77:11)
    debug: Invoke RPC finished: tok=aws:ssm/getParameter:getParameter; err: Error: 2 UNKNOWN: invocation of aws:ssm/getParameter:getParameter returned an error: unable to validate AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration, resp: undefined
    debug: Invoke RPC finished: tok=aws:ssm/getParameter:getParameter; err: Error: 2 UNKNOWN: invocation of aws:ssm/getParameter:getParameter returned an error: unable to validate AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration, resp: undefined

Does anyone knows what could be the error?

Hello everyone, I have a beginner’s question on

core.v1.Secret

Python package. I have checked the documentation here and was wondering whether the

resource_name

is the acutal secret name in K8 or just some name used by Pulumi to reference this secret? Getting a non-unique error from Pulumi, despite the name being unique within a namespace in K8.

Can anyone please share a sample reusing github workflow file for pulumi preview?

I want to use, but not manage (as in leave it alone if I bring down the stack), an existing resource group in Azure. Is

resources.LookupResourceGroup

the correct way to go about this? Seing as it returns a

resources.LookupResourceGroupResult

I am a bit confused; I can of course manually turn this into a

resources.ResourceGroup

but is that really “the way”?

Hey gang, is it possible to use the

--target

flag on

pulumi up

for resources that have not yet been created?

This message was deleted.

hey all, Pulumi beginner here attempting to deploy to AWS S3 using Python Pulumi SDK. getting the error pulumi.automation.errors.InlineSourceRuntimeError when running

stack = auto.create_stack($$$_STUFF_$$$); stack.up()

, have attached screenshot with more detail. it mentions "python inline source runtime error: unexpected input of type TextIOWrapper" but not sure what this means, have tried tweaking a few things but error remains, now i'm rather lost. any help much appreciated, thanks!

i’m trying to alter the tags on the subnets made by the awsx.ec2.Vpc class, but struggling to figure out how that’s done in python, and haven’t had any luck in finding anything that isn’t in typescript. Can anyone give any pointers on how that’s done ? It doesn’t seem to form part of the SubnetSpecArgs class so i guess it’s done in some other way. The typescript seems to access a ‘subnets’ attribute of the class, but that doesn’t seem to be a thing in python unless i’m misreading the source.